Cybersecurity

The SolarWinds supply chain attack is a watershed moment for software security — and it has profound implications for how we build, ship, and trust code.

FireEye discloses that sophisticated attackers stole their red team tools. The implications for the security industry — and every organization using those tools — are serious.

A joint NSA/CISA advisory details 25 CVEs actively exploited by Chinese state-sponsored actors. The uncomfortable truth: most are well-known and patchable.

CVE-2020-1472, dubbed Zerologon, scores a perfect 10.0 CVSS and allows full domain takeover with a handful of packets. Here’s what you need to know.

The massive Twitter compromise that hit Barack Obama, Elon Musk, and Apple wasn’t a sophisticated zero-day — it was social engineering targeting internal tools. That’s the scary part.

Home IoT device sales have surged during lockdowns, and every one of those devices just joined a corporate network via VPN. The security implications are significant.

As teams rushed to enable remote development workflows, CI/CD pipelines became a prime target. Here’s what’s going wrong and how to harden your build infrastructure.

Apple and Google collaborate on a Bluetooth-based exposure notification system that puts privacy-preserving architecture front and center.

Zoom’s explosive pandemic-driven growth is exposing serious security and privacy issues. The ‘Zoombombing’ phenomenon is just the tip of the iceberg.

The Washington Post reveals the CIA secretly owned Crypto AG for decades, selling compromised encryption to governments worldwide. The supply chain trust implications are staggering.

The NSA disclosed CVE-2020-0601, a critical vulnerability in Windows CryptoAPI’s certificate validation. The fact that they reported it instead of hoarding it marks a notable shift.